🚨 Axios was hit by a supply chain attack as of the early hours of this morning.

I'm currently hunting affected repos on GitHub; here is what I have so far:

Vulnerable versions (via package.json):
https://github.com/search?q=%2F%5C%22axios%5C%22%3A%5Cs*%5C%22%281%5C.14%5C.1%7C0%5C.30%5C.4%29%5C%22%2F+path%3Apackage.json&type=code

Presence of plain-crypto-js:
https://github.com/search?q=plain-crypto-js+path%3Apackage-lock.json&type=code

Full technical analysis from StepSecurity:
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan